Support [read|write]mem, libs and cwd

Gallopsled · Nov 27, 2023 · 327e271 · 327e271
1 parent 231d3d6
commit 327e271
Showing 1 changed file with 22 additions and 1 deletion.
diff --git a/pwnlib/tubes/process.py b/pwnlib/tubes/process.py
@@ -286,6 +286,8 @@ def __init__(self, argv = None,
             self.suid = self.uid = None
             self.sgid = self.gid = None
             internal_preexec_fn = None
+
+            self._libs = None
         else:
             # Determine which descriptors will be attached to a new PTY
             handles = (stdin, stdout, stderr)
@@ -561,7 +563,10 @@ def cwd(self):
             '/proc'
         """
         try:
-            self._cwd = os.readlink('/proc/%i/cwd' % self.pid)
+            if IS_WINDOWS:
+                self._cwd = self.win_process.peb.ProcessParameters.contents.CurrentDirectory.DosPath.str
+            else:
+                self._cwd = os.readlink('/proc/%i/cwd' % self.pid)
         except Exception:
             pass
 
@@ -912,6 +917,13 @@ def libs(self):
         by the process to the address it is loaded at in the process' address
         space.
         """
+        if IS_WINDOWS:
+            if not self._check_initialized():
+                raise Exception("PEB not initialized while getting the loaded modules")
+            if not self._libs:
+                self._libs = {module.name.lower(): module.baseaddr for module in self.win_process.peb.modules if module.name}
+            return self._libs
+
         try:
             maps_raw = open('/proc/%d/maps' % self.pid).read()
         except IOError:
@@ -1045,6 +1057,11 @@ def leak(self, address, count=1):
             >>> p.leak(e.address, 4)
             b'\x7fELF'
         """
+        if IS_WINDOWS:
+            if not self._check_initialized():
+                self.error("PEB not initialized while reading memory")
+            return self.win_process.read_memory(address, count)
+
         # If it's running under qemu-user, don't leak anything.
         if 'qemu-' in os.path.realpath('/proc/%i/exe' % self.pid):
             self.error("Cannot use leaker on binaries under QEMU.")
@@ -1090,6 +1107,10 @@ def writemem(self, address, data):
             >>> io.recvall()
             b'aaaabaaacaaadaaaeaaafaaagaaahaaa'
         """
+        if IS_WINDOWS:
+            if not self._check_initialized():
+                self.error("PEB not initialized while writing memory")
+            return self.win_process.write_memory(address, data)
 
         if 'qemu-' in os.path.realpath('/proc/%i/exe' % self.pid):
             self.error("Cannot use leaker on binaries under QEMU.")